cvelist/2021/44xxx/CVE-2021-44463.json

98 lines
2.9 KiB
JSON
Raw Normal View History

2021-12-16 19:01:12 +00:00
{
"CVE_data_meta": {
2022-01-28 20:01:08 +00:00
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T15:34:00.000Z",
2021-12-16 19:01:12 +00:00
"ID": "CVE-2021-44463",
2022-01-28 20:01:08 +00:00
"STATE": "PUBLIC",
"TITLE": "Emerson DeltaV Uncontrolled Search Path Element"
2021-12-16 19:01:12 +00:00
},
2022-01-28 20:01:08 +00:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
2022-01-28 21:01:07 +00:00
"product_name": "n/a",
2022-01-28 20:01:08 +00:00
"version": {
"version_data": [
{
2022-01-28 21:01:07 +00:00
"version_value": "n/a"
2022-01-28 20:01:08 +00:00
}
]
}
}
]
},
2022-01-28 21:01:07 +00:00
"vendor_name": "n/a"
2022-01-28 20:01:08 +00:00
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sharon Brizinov of Claroty reported these vulnerabilities to Emerson."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
2021-12-16 19:01:12 +00:00
"description": {
"description_data": [
{
"lang": "eng",
2022-01-28 20:01:08 +00:00
"value": "Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
2022-01-28 21:01:07 +00:00
"value": "n/a"
2022-01-28 20:01:08 +00:00
}
]
2021-12-16 19:01:12 +00:00
}
]
2022-01-28 20:01:08 +00:00
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04"
}
]
},
"solution": [
{
"lang": "eng"
}
],
"source": {
"advisory": "ICSA-21-355-04",
"discovery": "UNKNOWN"
2021-12-16 19:01:12 +00:00
}
}